From: Yonatan at xpert.com (Yonatan Bokovza)
Subject: RE: remote kernel exploits?

> -----Original Message-----
> From: andy_mn@...hmail.com [mailto:andy_mn@...hmail.com]
> Sent: Sunday, September 08, 2002 14:44
> To: full-disclosure@...ts.netsys.com
> Cc: vuln-dev@...urityfocus.com; incidents@...urityfocus.com
> Subject: remote kernel exploits?
> 
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hey
> 
> I've been hearing about this for the past year, but always shrugged
> it off as fun-and-games at best or FUD at worst. A few days ago, though,
> I posed the question to a friend who has been a very reliable source
> in the past concerning exploit rumors and security gossip (among
> many other things, he was able to give me two weeks' warning about
> the Apache chunked encoding hole). He said in no uncertain terms
> that although he has no substantial information concerning the flaws,
> the Linux kernel, FreeBSD/OpenBSD kernel, and possibly other kernels
> contain remote vulnerabilities that were discovered independently by
> both a Bindview employee and/or an individual using the nickname ~el8.
> 
> The bugs are said to have something to do with integer manipulation in
> the kernels' TCP/IP stacks. That's all he was able to offer me, but was
> very forward in saying that he has full confidence based on
> conversations with others that these bugs do indeed exist.
> 
> Now, there's always the chance I'll be wrong, but unless someone wishes
> to comment on the technical plausibility of these vulnerabilities, I
> have several second-rate reasons as to why I believe these rumours
> are most likely just figments of the imagination:
> 
> - - I have not seen any incident reports on Incidents, or any other
> mailing list for that matter.
> 
> - - You'd think several high profile sites would've been attacked already
> with such devastating exploits, but I've seen no reports of this. In
> fact, if the kids really did have such an exploit, you'd think they'd
> tag their h4ndl3z all over high profile sites. But according to Alldas,
> high profile defacements have been virtually nonexistent in the last
> year or so.
> 
> - - Given the skill required to craft such an exploit, I'd think it
> would be way out of the grasp of the kids. Since no researcher has
> come forth with such a vulnerability, it's logical to conclude that
> this does not exist.
> 
> 
> Anyway, I'm very interested in hearing what others have to offer
> concerning these rumors. Even if it's for reassurance ;>

It might be the case that this is the problem:
http://www.openbsd.org/errata.html#scarg
I know that a similar problem was fixed in FreeBSD a little
later, but I can't find the correct pointer.
Since this is a problem in the kernel, it might be remotely
exploitable.

Regards,
Yonatan.
